<?php
// Tim'Roster
// Copyright (c) 2011 Nicolas Nallet <aspgic2@gmail.com>
//
// This file is part of Tim'Roster.
//
// Tim'Roster is free software; you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation; either version 3 of the License, or
// (at your option) any later version.
//
// Tim'Roster is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program; if not, write to the Free Software Foundation,
// Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301  USA

session_start();

$xml_config = simplexml_load_file('config.xml');

include_once($_SERVER["DOCUMENT_ROOT"].$xml_config->roster_root_directory.'/technical_class/authentification/User.php');
include_once($_SERVER["DOCUMENT_ROOT"].$xml_config->roster_root_directory.'/technical_class/language/language.php');
include_once($_SERVER["DOCUMENT_ROOT"].$xml_config->roster_root_directory.'/render/render_header_footer.php');



if ((isset($_GET['logoff']))){
    User::logoff();
    header('Location: login.php');
}

if (User::is_user_logged()){
    header('Location: index.php');
}


if ((isset($_POST['user'])) && (isset($_POST['pass']))){

    if (!User::is_user_banned($_POST['user'])) {
        if(User::login($_POST['user'], $_POST['pass'])){
            if (User::is_user_active()){
                $url_referer = User::get_url_referer();

                if (isset($url_referer)){
                    header('Location: '.$url_referer);
                }
                else {
                    header('Location: index.php');
                }
            }
            else {
                $content = Language::get_instance()->get_label('lb_inactive_account');
            }
        }
        else {
            $attempt = User::add_failed_logging_attempt($_POST['user']);
            $content =  Language::get_instance()->get_label('lb_login_failed');

            if ($attempt >= User::MAX_FAILED_LOGGING){
                $content .=  Language::get_instance()->get_label('lb_user_banned_1')
                        .User::TEMPORARY_BAN_DURATION
                        .Language::get_instance()->get_label('lb_user_banned_2');
            }
        }
    }
    else {
        $content = Language::get_instance()->get_label('lb_user_banned_until').User::get_user_deban_date($_POST['user']);
    }
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <script type="text/javascript" src="js/login_data_check.js"></script>
        <link rel="shortcut icon" type="images/x-icon" href="img/quest_jeton.png" />

        <style>
            @import url(css/base.css);
        </style>

        <script type="text/javascript">
            function validForm(){               
                var error = 0;

                var username = document.getElementById('user').value;
                var pass = document.getElementById('pass').value;

                //Username must be set
                if (!username){
                    error = 1;
                    alert(<?php echo '\''.Language::get_instance()->get_label('lb_username_must_be_set').'\'' ?>);
                }

                if ((!pass) && (error == 0)){
                    error = 1;
                    alert(<?php echo '\''.Language::get_instance()->get_label('lb_password_must_be_set').'\'' ?>);
                }

                //Username's length must be < 32
                if ((!checkUsernameFormat(username)) && (error == 0)){
                    error = 1;
                    alert(<?php echo '\''.Language::get_instance()->get_label('lb_username_format').'\'' ?>);
                }

                if (((!checkPasswordFormat(pass))) && (error == 0)){
                    error = 1;
                    alert(<?php echo '\''.Language::get_instance()->get_label('lb_password_format').'\'' ?>);
                }

                //if no error redirect
                if (error == 0){
                    document.login_form.submit();
                }
            }
        </script>
    </head>
    <body>
        <center>
            <?php
                echo render_page_header().'</br>';
            ?>

            <fieldset>
                <h1 class="title">
                    <?php
                        echo Language::get_instance()->get_label('lb_login');
                    ?>
                </h1>
                <?php
                    if (isset($content)) { echo '<h2>'.$content.'</h2>'; }
                ?>
                <form name ="login_form" method="post" accept-charset="utf-8">
                    <?php echo Language::get_instance()->get_label('lb_login') ?><br/><input type="text" name="user" id="user" value=""/><br/>
                    <?php echo Language::get_instance()->get_label('lb_password') ?><br/><input type="password" name="pass" id="pass" value=""/><br/>
                    <input type="button" value="<?php echo Language::get_instance()->get_label('lb_login'); ?>" onclick="validForm();" /><br/><br/><br/>
                    <h2><a href="register.php" class="menu"><?php echo Language::get_instance()->get_label('lb_register') ?></a></h2>
                    <h2><a href="password_recovery.php" class="menu"><?php echo Language::get_instance()->get_label('lb_password_recovery') ?></a></h2>
                </form>
            </fieldset>
            <?php
                echo render_page_footer();
            ?>
        </center>
       

    </body>
</html>
